ARG PYVERSION={{ config.python_version }}
ARG HOME
FROM {{ base_image_name_and_tag }} AS truss_server

{%- set python_exec_path = config.base_image.python_executable_path or '$(which python3)' %}
{# NB(nikhil): Our `uv` installation commands require a full path to the python interpreter, but it relies #}
{# on shell expansion to do so if `python_executable_path` is not provided. This expansion doesn't work for certain #}
{# docker commands (ENV, ENTRYPPOINT), so we point that to `python3` as a default. #}
{%- set python_executable = config.base_image.python_executable_path or 'python3' %}
ENV PYTHON_EXECUTABLE="{{ python_executable }}"

{%- set app_username = "app" %}  {# needed later for USER directive#}
{% block user_setup %}
{%- set app_user_uid = 60000 %}
{%- set control_server_dir = "/control" %}
{%- set default_owner = "root:root" %}
{%- if non_root_user %}
{# The non-root user's home directory. #}
{# uv will use $HOME to install packages. #}
ENV HOME=${HOME:-/home/{{ app_username }}}
{%- else %}
{# This is the default, but we use this variable later so ... setting it here too.#}
ENV HOME=${HOME:-/root}
{%- endif %} {#- endif non_root_user #}
{# Directory containing inference server code. #}
ENV APP_HOME=/{{ app_username }}
RUN mkdir -p ${APP_HOME} {{ control_server_dir }}
{# Create a non-root user to run model containers. #}
RUN useradd -u {{ app_user_uid }} -ms /bin/bash {{ app_username }}
{% endblock %} {#- endblock user_setup #}

{#- at the very beginning, set non-interactive mode for apt #}
ENV DEBIAN_FRONTEND=noninteractive


{%- set UV_VERSION = "0.8.22" %}
{#
NB(nikhil): We use a semi-complex uv installation command across the board:
- A generous UV_HTTP_TIMEOUT (5m) for packages that take a long time to install.
- We use `unsafe-best-match` since `uv` is stricter about having multiple registries, and we often need to search multiple.
- Use the python executable currently on the path, will respect activated virtual envs.
#}
{%- set sys_pip_install_command =
    "UV_HTTP_TIMEOUT=${UV_HTTP_TIMEOUT:-300} " +
    "uv pip install " +
    "--index-strategy unsafe-best-match " +
    "--python " + python_exec_path
%}

{% block fail_fast %}
RUN grep -w 'ID=debian\|ID_LIKE=debian' /etc/os-release || { echo "ERROR: Supplied base image is not a debian image"; exit 1; }
RUN {{ python_exec_path }} -c "import sys; \
    sys.exit(0) \
    if sys.version_info.major == {{ supported_python_major_version_in_custom_base_image }} \
    and sys.version_info.minor >= {{ min_supported_python_minor_version_in_custom_base_image }} \
    and sys.version_info.minor <= {{ max_supported_python_minor_version_in_custom_base_image }} \
    else sys.exit(1)" \
    || { echo "ERROR: Supplied base image does not have {{ min_supported_python_version_in_custom_base_image }} <= python <= {{ max_supported_python_version_in_custom_base_image }}"; exit 1; }
{% endblock %}

{% block install_uv %}
{# Install `uv` and `curl` if not already present in the image. We validate the expected location for `uv` at the very end
   due to limitations with `pipefail` in Docker context. #}
RUN if ! command -v uv >/dev/null 2>&1; then \
    command -v curl >/dev/null 2>&1 || (apt update && apt install -y curl) && \
    curl -LsSf --retry 5 --retry-delay 5 https://astral.sh/uv/{{ UV_VERSION }}/install.sh | sh && \
    test -x ${HOME}/.local/bin/uv; \
fi
{# Add the user's local bin to the path, used by uv. #}
ENV PATH=${PATH}:${HOME}/.local/bin
{% endblock %}

{% block base_image_patch %}
{% endblock %}

{% if config.model_framework.value == 'huggingface_transformer' %}
    {% if config.resources.use_gpu %}
{# HuggingFace pytorch gpu support needs mkl. #}
RUN {{ sys_pip_install_command }} install mkl
    {% endif %}
{% endif %}

{% block post_base %}
{% endblock %}

{% block install_system_requirements %}
    {%- if should_install_system_requirements %}
COPY --chown={{ default_owner }} ./{{ system_packages_filename }} {{ system_packages_filename }}
RUN apt-get update && apt-get install --yes --no-install-recommends $(cat {{ system_packages_filename }}) \
    && apt-get autoremove -y \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/*
    {%- endif %}
{% endblock %}


{% block install_requirements %}
    {%- if should_install_user_requirements_file %}
COPY --chown={{ default_owner }} ./{{ user_supplied_requirements_filename }} {{ user_supplied_requirements_filename }}
RUN {{ sys_pip_install_command }} -r {{ user_supplied_requirements_filename }} --no-cache-dir
    {%- endif %}
    {%- if should_install_requirements %}
COPY --chown={{ default_owner }} ./{{ config_requirements_filename }} {{ config_requirements_filename }}
RUN {{ sys_pip_install_command }} -r {{ config_requirements_filename }} --no-cache-dir
{%- endif %}
{% endblock %}



{%- if not config.docker_server %}
WORKDIR $APP_HOME
{%- endif %}

{% block app_copy %}
{% endblock %}


{% set packages_dir = "/packages" %}
RUN mkdir -p {{ packages_dir }}
{% block bundled_packages_copy %}
    {%- if bundled_packages_dir_exists %}
COPY --chown={{ default_owner }} ./{{ config.bundled_packages_dir }} {{ packages_dir }}
{%- endif %}
{% endblock %}


{% for env_var_name, env_var_value in passthrough_environment_variables.items() %}
ENV {{ env_var_name }}="{{ env_var_value }}"
{% endfor %}

{% block run %}
{% endblock %}
